Home

Description

perl2exe <= V30.10C contains an arbitrary code execution vulnerability that allows local authenticated attackers to execute malicious scripts. Attackers can control the 0th argument of packed executables to execute another executable, allowing them to bypass restrictions and gain unauthorized access.

PUBLISHED Reserved 2025-12-04 | Published 2025-12-04 | Updated 2025-12-05 | Assigner VulnCheck




HIGH: 8.5CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

Default status
unaffected

Any version
affected

Credits

decrazyo finder

References

www.exploit-db.com/exploits/51825 (ExploitDB-51825) exploit

www.indigostar.com/ (IndigoSTAR Software Homepage) product

www.indigostar.com/...load/p2x-30.10-Linux-x64-5.30.1.tar.gz (IndigoSTAR Software Download Page) product permissions-required

www.vulncheck.com/...erl2exe-v3010c-arbitrary-code-execution third-party-advisory

cve.org (CVE-2024-58278)

nvd.nist.gov (CVE-2024-58278)